Access control enables an authority to control access to resources in a computer-based system. Access control deals with resources on one side and users on the other. It enables an administrator or the authority to prevent unauthorized users from accessing resources. However, one of the main challenges faced in an access control system is the complexity of the overall system. In other words, a single computer storing millions of files, thousands of connected users able to reach resources distributed across a network, and several operations allowed on a given resource (such as the right to view, to modify, to delete, and the like) all increase the complexity of the access control system.
In a typical access control system, the resources are placed in the foreground. Each resource is equipped with an access control list that holds users or user groups together with a permission (i.e., whether access to that resource is granted or denied). Therefore, setting the security rights on the resource side makes it impossible to grant or deny a user access to all resources in one step. It would require a change to the access control list of each existing resource, which is not feasible.
In current systems, users are placed in the foreground instead. The concept of a role is introduced and specified by the role-based access control model. A role is a profile restricted to granted permissions; it cannot contain denied permissions. Therefore, a role that grants every resource can be defined. However, once such a universal role (i.e., permission to all resources) is assigned to a user, it becomes difficult to withhold permission to some of those resources from that user.
In general, administration of current access control systems remains cumbersome and time-consuming. Analyzing which resources are authorized and which are denied to a given user is also difficult. Moreover, no method or system provides a complete view of the net rights of the user.
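The two models and their limits, as an added example that is not part of the original text: a resource-side ACL model where denies override grants, and a grant-only role model where a deny cannot be expressed, each with a function that computes a user's net rights. All users, groups, resource names and role names are constructed for illustration.

```python
# Added example: minimal models of the ACL and role-based styles described
# above. Every principal, resource and role name here is constructed.

class Resource:
    def __init__(self, name, acl=None):
        self.name = name
        self.acl = dict(acl or {})   # principal (user or group) -> "grant" | "deny"

class Role:
    """A role holds granted permissions only; it has no way to express a deny."""
    def __init__(self, name, granted):
        self.name = name
        self.granted = set(granted)

def acl_net_rights(user, groups, resources):
    """Resource-side model: walk every resource's ACL; a deny for the user or
    any of their groups overrides a grant on that resource."""
    rights = {}
    for r in resources:
        entries = {r.acl[p] for p in (user, *groups) if p in r.acl}
        rights[r.name] = "deny" if "deny" in entries else ("grant" if "grant" in entries else "none")
    return rights

def acl_deny_all(user, resources):
    """Denying one user everything needs one ACL edit per existing resource."""
    for r in resources:
        r.acl[user] = "deny"
    return len(resources)   # number of resources that had to be modified

def rbac_net_rights(roles, resources):
    """User-side model: a resource is granted if any assigned role grants it."""
    return {r.name: "grant" if any(r.name in role.granted for role in roles) else "none"
            for r in resources}

def rbac_forbid(roles, resource_name):
    """Withholding one resource from a role holder: since roles cannot carry a
    deny, every role that grants it must be dropped (or rewritten). Returns the
    roles the user keeps, which is empty when only a universal role was held."""
    return [role for role in roles if resource_name not in role.granted]

def sample_resources():
    """Constructed sample: four files, with 'alice' in group 'staff'."""
    return [Resource("file0", {"alice": "grant"}), Resource("file1"),
            Resource("file2", {"staff": "grant", "alice": "deny"}),
            Resource("file3", {"staff": "grant"})]

if __name__ == "__main__":
    files = sample_resources()
    print(acl_net_rights("alice", ["staff"], files))
    universal = Role("universal", [f.name for f in files])
    print(rbac_net_rights([universal], files))
    print(rbac_net_rights(rbac_forbid([universal], "file2"), files))
```

Running the script shows the net-rights view the text says existing systems lack, and that forbidding a single file to a universal-role holder leaves the user with no rights at all.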